Benjamin Schieder:

package/base/device-mapper/device-mapper.conf

@@ -20,5 +20,13 @@
 # 
 # --- ROCK-COPYRIGHT-NOTE-END ---
 
+devicemapper_pm() {
+	mkdir -p $root/etc/conf/dm
+	cp $confdir/etc_conf_dm_initrd_dm $root/etc/conf/dm/initrd_dm
+	mkdir -p $root/etc/conf/initrd
+	cp $confdir/etc_conf_initrd_initrd_dm $root/etc/conf/initrd/initrd_dm
+}
+
 srcdir="device-mapper.$ver"
 [ "$root/$prefix" = "/usr" ] && confopt=""
+postmake="devicemapper_pm"

package/base/device-mapper/etc_conf_dm_initrd_dm

@@ -0,0 +1,256 @@
+#!/bin/bash
+
+read a b version c < /proc/version
+while read device mountpoint status ; do
+	[ "${status}" == "plain" ] && continue
+	if [ ${rootfsmounted} -eq 0 -a "${mountpoint}" != "/" ] ; then # we need to have the rootfs mounted for all other filesystems to be mountable
+		echo "Mounting rootfs (${rootfs}) on /root"
+		initrd_mount ${rootfs} /root
+		rootfsmounted=1
+	fi
+	if [ "${status}" == "encrypt" ] ; then # {{{
+		echo "Encrypting ${device} on ${mountpoint}"
+		echo 
+		echo "WARNING! Although this is usually safe you should make sure that your backups"
+		echo "are recent and working. Just in case something happens (power loss, ...)."
+		echo "If this process is interrupted your filesystem WILL BE INACCESSIBLE!"
+		echo 
+		pass1="MEEP"
+		pass2="MOOP"
+		while [ "${pass1}" != "${pass2}" ] ; do
+			echo -n "Please enter the passphrase for encryption: "
+			read -s pass1 < /dev/console
+			echo
+			if [ -z "${pass1:20}" ] ; then
+				echo "Your passphrase is short and may thus be insecure."
+				echo -n "Enter it again to use it anyway: "
+				read -s passa < /dev/console
+				echo
+				if [ "${passa}" != "${pass1}" ] ; then
+					passa="ABCD"
+					pass1="MEEP"
+					pass2="MOOP"
+					continue
+				fi
+				passa="ABCD"
+			fi
+			echo -n "Please confirm the passphrase: "
+			read -s pass2 < /dev/console
+			echo
+			[ "${pass1}" != "${pass2}" ] && echo "The passphrases do not match!"
+		done
+		
+		pass1="`echo ${pass1} | md5sum`"
+		pass1=${pass1%% *}
+		encryptedname=${device//\//_}_encrypted
+		encryptedname=${encryptedname#_}
+		echo -n "Setting up encryption now ... "
+		echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${pass1} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname}
+		echo "done"
+		echo "I will now do a sanity check of the harddisk. This means"
+		echo "that the encryption process will be simulated by writing"
+		echo "to /dev/null instead of the encrypted partition."
+		echo "This ensures that the whole disk is readable and the"
+		echo "copy process won't fail because of a bad harddisk."
+		echo
+		echo -n "Press enter to continue ... "
+		read </dev/console
+		if /bin/dd if=/dev/zero of=/dev/null conv=stat count=1 2>/dev/null ; then
+			echo "Starting dd, this will take some time. Go have some coffee :-)"
+			dd if=${device} of=/dev/null bs=1k conv=stat # conv=stat is my personal patch -- BRS
+			error=${?}
+		else
+			echo "Starting dd, this will take some time. No output will happen"
+			echo "while this is running. Go have some coffee :-)"
+			dd if=${device} of=/dev/null bs=1k
+			error=${?}
+		fi
+		if [ ${error} != 0 ] ; then
+			echo "An error occured!"
+			echo "Cowardly refusing to encrypt ${device}!"
+			/sbin/dmsetup remove ${encryptedname}
+			echo "Starting a shell"
+			echo
+			exec /bin/bash
+			continue
+		fi
+		echo "Now the critical part of the encryption process starts."
+		echo "I'm now copying the data bytewise from the unencrypted device to the"
+		echo "encrypted loopdevice. Make absolutely sure that this process won't be"
+		echo "interrupted!"
+		echo
+		echo -n "Press enter to start encrypting ... "
+		read < /dev/console
+		if /bin/dd if=/dev/zero of=/dev/null conv=stat count=1 2>/dev/null ; then
+			echo "Starting dd, this will take some time. Go have some coffee :-)"
+			dd if=${device} of=/dev/mapper/${encryptedname} bs=1k conv=stat # conv=stat is my personal patch -- BRS
+		else
+			echo "Starting dd, this will take some time. No output will happen"
+			echo "while this is running. Go have some coffee :-)"
+			dd if=${device} of=/dev/mapper/${encryptedname} bs=1k
+		fi
+		echo "Encrypting the data is done."
+		echo -n "Mounting encrypted ${device} on ${mountpoint} now ... "
+		if ! initrd_mount /dev/mapper/${encryptedname} /root/${mountpoint} ; then
+			echo "FAILED"
+			echo "Couldn't mount /dev/mapper/${encryptedname} on ${mountpoint}"
+			echo "Starting a shell"
+			echo
+			exec /bin/bash
+		fi
+		[ "${mountpoint}" == "/" ] && rootfsmounted=1
+		echo "done"
+		echo "Remember to change the status of ${device} to encrypted using stone."
+		echo "Press enter to continue"
+		read < /dev/console
+		continue
+	fi # }}}
+	if [ "${status}" == "decrypt" ] ; then # {{{
+		echo "Decrypting ${device} on ${mountpoint}"
+		echo 
+		echo "WARNING! Although this is usually safe you should make sure that your backups"
+		echo "are recent and working. Just in case something happens (power loss, ...)."
+		echo "If this process is interrupted your filesystem WILL BE INACCESSIBLE!"
+		echo 
+		pass1="MEEP"
+		pass2="MOOP"
+		while [ "${pass1}" != "${pass2}" ] ; do
+			echo -n "Please enter the passphrase for decryption: "
+			read -s pass1 < /dev/console
+			echo
+			echo -n "Please confirm the passphrase: "
+			read -s pass2 < /dev/console
+			echo
+			[ "${pass1}" != "${pass2}" ] && echo "The passphrases do not match!"
+		done
+		pass1="`echo ${pass1} | md5sum`"
+		pass1=${pass1%% *}
+		encryptedname=${device//\//_}_encrypted
+		encryptedname=${encryptedname#_}
+
+		echo -n "Setting up decryption now ... "
+		echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${pass1} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname}
+		echo "done"
+		echo "I will now do a sanity check of the harddisk. This means"
+		echo "that the encryption process will be simulated by writing"
+		echo "to /dev/null instead of the encrypted partition."
+		echo "This ensures that the whole disk is readable and the"
+		echo "copy process won't fail because of a bad harddisk."
+		echo
+		echo -n "Press enter to continue ... "
+		read </dev/console
+		if /bin/dd if=/dev/zero of=/dev/null conv=stat count=1 2>/dev/null ; then
+			echo "Starting dd, this will take some time. Go have some coffee :-)"
+			dd if=${device} of=/dev/null bs=1k conv=stat # conv=stat is my personal patch -- BRS
+			error=${?}
+		else
+			echo "Starting dd, this will take some time. No output will happen"
+			echo "while this is running. Go have some coffee :-)"
+			dd if=${device} of=/dev/null bs=1k
+			error=${?}
+		fi
+		if [ ${error} != 0 ] ; then
+			echo "An error occured!"
+			echo "Cowardly refusing to decrypt ${device}!"
+			echo "Starting a shell."
+			echo
+			exec /bin/bash
+			continue
+		fi
+		echo "Now the critical part of the decryption process starts."
+		echo "I'm now copying the data bytewise from the encrypted device to the"
+		echo "unencrypted loopdevice. Make absolutely sure that this process won't be"
+		echo "interrupted!"
+		echo
+		echo -n "Press enter to start decrypting ... "
+		read < /dev/console
+		if /bin/dd if=/dev/zero of=/dev/null conv=stat count=1 2>/dev/null ; then
+			echo "Starting dd, this will take some time. Go have some coffee :-)"
+			dd if=/dev/mapper/${encryptedname} of=${device} bs=1k conv=stat # conv=stat is my personal patch
+		else
+			echo "Starting dd, this will take some time. No output will happen"
+			echo "while this is running. Go have some coffee :-)"
+			dd if=/dev/mapper/${encryptedname} of=${device} bs=1k
+		fi
+		echo "Decrypting the data is done."
+		echo -n "Shutting down encryption ... "
+		/sbin/dmsetup remove ${encryptedname}
+		echo -n "done"
+		echo -n "Mounting ${device} on ${mountpoint} now ... "
+		if ! initrd_mount ${device} /root/${mountpoint} ; then
+			echo "FAILED"
+			echo "Couldn't mount ${device} on ${mountpoint}"
+			echo "Starting a shell"
+			echo
+			exec /bin/bash
+		fi
+		[ "${mountpoint}" == "/" ] && rootfsmounted=1
+		echo "done"
+		echo "Remember to change the status of ${device} to 'plain' using stone."
+		echo "Press enter to continue"
+		read < /dev/console
+		continue
+	fi # }}}
+	if [ "${status}" == "swap" ] ; then # {{{
+		echo "Creating encrypted swap on ${device}"
+		echo "setting up encryption"
+		echo -n "gathering entropy ... "
+		ent=""
+		while [ -z "${ent:128}" ] ; do
+			read -n 1 e < /dev/random
+			[ "${e}" == "\n" ] && continue
+			ent="${ent}${e}"
+			echo -n "."
+		done
+		ent="`echo ${ent} | md5sum`"
+		ent=${ent%% *}
+		echo
+		echo -n "setting up encryption ... "
+		encryptedname=${device//\//_}_encrypted
+		encryptedname=${encryptedname#_}
+		echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${ent} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname}
+		echo "done"
+		echo -n "creating swapspace ... "
+		if /sbin/mkswap /dev/mapper/${encryptedname} >/dev/null 2>&1 ; then
+			echo "success"
+			echo -n "activating swapspace ... "
+			if /sbin/swapon /dev/mapper/${encryptedname} ; then
+				echo "success"
+			else
+				echo "failed"
+				echo "booting without swap!"
+			fi
+		else
+			echo "failed"
+			echo "booting without swap!"
+		fi
+	fi # }}}
+	if [ "${status}" == "encrypted" ] ; then # {{{
+		run=1
+		while [ ${run} -eq 1 ] ; do
+			echo "Please enter the passphrase for ${device} on ${mountpoint}"
+			echo -n "Passphrase: "
+			read -s passphrase < /dev/console
+			echo
+			passphrase="`echo ${passphrase} | md5sum`"
+			passphrase=${passphrase%% *}
+			encryptedname=${device//\//_}_encrypted
+			encryptedname=${encryptedname#_}
+			echo 0 `/sbin/blockdev --getsize ${device}` crypt aes-plain ${passphrase} 0 ${device} 0 | /sbin/dmsetup create ${encryptedname}
+			if initrd_mount /dev/mapper/${encryptedname} /root/${mountpoint} < /dev/console ; then
+				run=0
+				echo "Success"
+			else
+				/sbin/dmsetup remove ${encryptedname}
+				echo "Couldn't mount ${device} on ${mountpoint}"
+				echo -n "Continue without it [y/n] ? "
+				read -n 1 yn < /dev/console
+				echo
+				[ "${yn}" == "y" ] && run=0
+			fi
+		done
+
+		[ "${mountpoint}" == "/" ] && rootfsmounted=1
+		continue
+	fi # }}}
+done < /etc/dm/mounts

package/base/device-mapper/etc_conf_initrd_initrd_dm

@@ -0,0 +1,11 @@
+/etc/conf/dm/initrd_dm /etc/conf/dm
+/etc/conf/dm/mounts	/etc/dm/mounts
+/bin/dd	/bin/dd
+/sbin/swapon	/sbin/swapon
+/sbin/mkswap	/sbin/mkswap
+/bin/grep	/bin/grep
+/bin/sed	/bin/sed
+/bin/cat	/bin/cat
+/usr/bin/md5sum	/bin/md5sum
+/sbin/blockdev	/sbin/blockdev
+/sbin/dmsetup	/sbin/dmsetup

package/blindcoder/rockinitrd/initrd_base.txt

@@ -0,0 +1,7 @@
+/etc/conf/initrd/linuxrc	/linuxrc
+/bin/ln	/bin/ln
+/bin/rm /bin/rm
+/sbin/udev	/sbin/udev
+/sbin/udevstart	/sbin/udevstart
+/sbin/udevd	/sbin/udevd
+/etc/udev	/etc/udev

package/blindcoder/rockinitrd/linuxrc

@@ -0,0 +1,76 @@
+#!/bin/bash
+
+initrd_mount() { # {{{
+	dev=${1}
+	mntpoint=${2}
+
+	/sbin/fsck -C -a ${dev}
+	fsckrc=${?}
+	if [ ${fsckrc} -eq 8 ] ; then
+		return 1
+	fi
+	if   [ $(( ${fsckrc} & ~3 )) != 0 ] ; then
+		echo " **"
+		echo " ** Filesystem ${dev} || error=${?} failed (returncode=${fsckrc})."
+		echo " ** Please repair the broken disk(s) manually."
+		echo " **"
+		exec /bin/bash
+	elif [ $(( ${fsckrc} &  2 )) != 0 ] ; then
+		echo " **"
+		echo " ** fsck has requested the system to be rebooted."
+		echo " ** Running a shell."
+		echo " **"
+		echo
+		exec /bin/bash
+	fi
+
+	mount -n ${dev} ${mntpoint}
+	return ${?}
+} # }}}
+
+PATH="/sbin:/usr/sbin:/bin/:/usr/bin"
+
+rootfs=""
+rootfsmounted=0
+
+mount -n -t tmpfs none /tmp
+mount -n -t proc none /proc
+mount -n -t sysfs none /sys
+mount -n -t ramfs none /dev
+/sbin/udevd &
+/sbin/udevstart
+cd /dev
+rm -rf fd
+ln -sf /proc/self/fd
+cd /
+
+while read dev mntpoint fstype options fsck1 fsck2 ; do
+	[ "${mntpoint}" == "/" ] && rootfs=${dev}
+	[ -n "${rootfs}" ] && break
+done < /etc/fstab
+
+echo "loading kernel modules"
+. /etc/conf/kernel
+
+for x in /etc/conf/* ; do
+	[ "${x}" == "/etc/conf/kernel" ] && continue
+	echo "Running ${x} ..."
+	. ${x}
+done
+
+if [ ${rootfsmounted} -eq 0 ] ; then
+	echo "Mounting rootfs (${rootfs}) on /root"
+	initrd_mount ${rootfs} /root
+	rootfsmounted=1
+fi
+
+echo "starting init in /root"
+echo "parameters passed to init: ${@}"
+cd /root
+mkdir -p /root/initrd
+mount -n --move /tmp /root/tmp
+mount -n --move /proc /root/proc
+mount -n --move /sys /root/sys
+mount -n --move /dev /root/dev
+/sbin/pivot_root . initrd
+exec chroot . /sbin/init "${@}"

package/blindcoder/rockinitrd/mkinitrdnew.sh

@@ -0,0 +1,99 @@
+#!/bin/sh
+
+kernel=`uname -r`
+tmpdir=`mktemp -d`
+
+if [ -n "$1" ]; then
+	if [ -d "/lib/modules/$1" ]; then
+		kernel="$1"
+	else
+		echo "Can't open /lib/modules/$1: No such directory."
+		echo "Usage: $0 [ kernel-version ]"
+		exit 1
+	fi
+fi
+
+echo "Creating /boot/initrdnew-${kernel}.img ..."
+mkdir -p $tmpdir/etc/conf
+grep '^modprobe ' /etc/conf/kernel | grep -v 'no-initrd' | \
+	sed 's,[ 	]#.*,,' | \
+	while read a b ; do
+		b="`find /lib/modules/$kernel -name "$b.o" -o -name "$b.ko"`"
+#b=${b//`uname -r`/$kernel} # substitute autodetected value by correct value
+		echo "Adding $b."
+		mkdir -p $tmpdir/${b%/*}
+		cp $b $tmpdir/$b
+		echo "/sbin/insmod $b $c" >> $tmpdir/etc/conf/kernel
+	done
+mkdir -p $tmpdir/dev $tmpdir/root $tmpdir/tmp $tmpdir/proc $tmpdir/sys
+mknod $tmpdir/dev/ram0	b 1 0
+mknod $tmpdir/dev/null	c 1 3
+mknod $tmpdir/dev/zero	c 1 5
+mknod $tmpdir/dev/tty	c 5 0
+mknod $tmpdir/dev/console c 5 1
+# this copies a set of programs and the necessary libraries into a
+# chroot environment
+
+targetdir=$tmpdir
+programs="/bin/bash /bin/bash2 /bin/sh /bin/ls /sbin/pivot_root /sbin/insmod /sbin/insmod.old /bin/mount /bin/umount /usr/bin/chroot /etc/fstab /bin/mkdir"
+
+libs=""
+for x in $programs ; do
+	[ -e $x ] || continue
+	mkdir -p $targetdir/${x%/*}
+	cp -a $x $targetdir/$x
+	file $x | grep -q ELF || continue
+	libs="$libs `ldd $x 2>/dev/null | grep -v 'not a dynamic executable' | sed -e 's,^[\t ]*,,g' | cut -f 3 -d' '`"
+done
+
+for x in /etc/conf/initrd/initrd_* ; do
+	[ -f $x ] || continue
+	while read file target ; do
+		if [ -d $file ] ; then
+			find $file -type f | while read f ; do
+				tfile=${targetdir}/${target}/${f#$file}
+				[ -e $tfile ] && continue
+				mkdir -p ${tfile%/*}
+				cp $f $tfile
+				libs="$libs `ldd $f 2>/dev/null | grep -v 'not a dynamic executable' | sed -e 's,^[\t ]*,,g' | cut -f 3 -d' '`"
+			done
+		fi
+		[ -f $file ] || continue
+		mkdir -p $targetdir/${target%/*}
+		cp $file $targetdir/$target
+		file $file | grep -q ELF || continue
+		libs="$libs `ldd $file 2>/dev/null | grep -v 'not a dynamic executable' | sed -e 's,^[\t ]*,,g' | cut -f 3 -d' '`"
+	done < $x
+done
+
+while [ -n "$libs" ] ; do
+	oldlibs=$libs
+	libs=""
+	for x in $oldlibs ; do
+		mkdir -p $targetdir/${x%/*}
+		cp $x $targetdir/$x
+		file $x | grep -q ELF || continue
+		for y in `ldd $x 2>/dev/null | grep -v 'not a dynamic executable' | sed -e 's,^[\t ]*,,g' | cut -f 3 -d' '` ; do
+			[ ! -e "$targetdir/$y" ] && libs="$libs $y"
+		done
+	done
+done
+
+# This works, but only for initrd images < 4 MB
+itmp=`mktemp`
+#/boot/initrdnew-${kernel}.img.tmp \
+dd if=/dev/zero of=${itmp} count=8192 bs=1024 > /dev/null 2>&1
+mke2fs -m 0 -N 5120 -F ${itmp} > /dev/null 2>&1
+mntpoint="`mktemp -d`"
+mount -o loop ${itmp} $mntpoint
+rmdir $mntpoint/lost+found/
+cp -a $tmpdir/* $mntpoint/
+umount -d $mntpoint
+rmdir $mntpoint
+
+gzip -9 < ${itmp} > /boot/initrdnew-${kernel}.img
+rm -f ${itmp}
+
+rm -rf $tmpdir
+echo "Done."
+

package/blindcoder/rockinitrd/rockinitrd.conf

@@ -0,0 +1,10 @@
+rockinitrd_main() {
+	mkdir -p $root/etc/conf/initrd
+	install -m 644 ${confdir}/initrd_base.txt $root/etc/conf/initrd/initrd_base
+	install -m 755 ${confdir}/linuxrc $root/etc/conf/initrd/linuxrc
+	install -m 755 ${confdir}/mkinitrdnew.sh $root/sbin/mkinitrdnew.sh
+}
+
+autoextract=0
+srctar="none"
+custmain="rockinitrd_main"

package/blindcoder/rockinitrd/rockinitrd.desc

@@ -0,0 +1,43 @@
+
+[COPY] --- ROCK-COPYRIGHT-NOTE-BEGIN ---
+[COPY] 
+[COPY] This copyright note is auto-generated by ./scripts/Create-CopyPatch.
+[COPY] Please add additional copyright information _after_ the line containing
+[COPY] the ROCK-COPYRIGHT-NOTE-END tag. Otherwise it might get removed by
+[COPY] the ./scripts/Create-CopyPatch script. Do not edit this copyright text!
+[COPY] 
+[COPY] ROCK Linux: rock-src/package/blindcoder/rockinitrd/rockinitrd.desc
+[COPY] ROCK Linux is Copyright (C) 1998 - 2005 Clifford Wolf
+[COPY] 
+[COPY] This program is free software; you can redistribute it and/or modify
+[COPY] it under the terms of the GNU General Public License as published by
+[COPY] the Free Software Foundation; either version 2 of the License, or
+[COPY] (at your option) any later version. A copy of the GNU General Public
+[COPY] License can be found at Documentation/COPYING.
+[COPY] 
+[COPY] Many people helped and are helping developing ROCK Linux. Please
+[COPY] have a look at http://www.rocklinux.org/ and the Documentation/TEAM
+[COPY] file for details.
+[COPY] 
+[COPY] --- ROCK-COPYRIGHT-NOTE-END ---
+
+[I] The new ROCK initrd code
+
+[T] The new ROCK initrd is designed to ease the creation of an initrd based
+[T] upon some ideas discussed on the RLML early 2005. These include:
+[T] - fsck of rootfs and starting of network, sshd and sending of email in
+[T]   case of error
+[T] - encrypted rootfs
+
+[U] http://www.rocklinux.org/
+
+[A] Benjamin Schieder <blindcoder@scavenger.homeip.net>
+[M] Benjamin Schieder <blindcoder@scavenger.homeip.net>
+
+[C] base/boot
+
+[L] GPL
+[S] Beta
+[V] 20050720
+[P] X -----5---9 800.000
+